Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan program Backdoor.Win32.Rbot.eib

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan program Backdoor.Win32.Rbot.eib

Unread postby lyxell » November 4th, 2007, 11:25 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:40, on 2007-11-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\TpShocks.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portalen.it/AdelaNet_20/adel ... logon.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Program\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Startup: Aktivt skyddssystem.lnk = C:\Windows\System32\TpShCPL.cpl
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Visa på skärmen (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11437 bytes
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am
Advertisement
Register to Remove

Unread postby Shaba » November 7th, 2007, 5:08 am

Hi lyxell

Which program found that?

Please post scan report from that program, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby lyxell » November 7th, 2007, 5:26 am

Kaspersky if you mean the trojan
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am

Unread postby Shaba » November 7th, 2007, 5:34 am

Hi

Ok, then re-scan with kaspersky and post here scan report or post scan report from that scan in whicj that Rbot was found :)

Or did active protection catch that?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby lyxell » November 7th, 2007, 5:57 am

yes it was the active protection
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am

Unread postby Shaba » November 7th, 2007, 5:59 am

Hi

Ok, then we check this next:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby lyxell » November 7th, 2007, 6:06 am

Deckard's System Scanner v20071014.68
Run by Bertil on 2007-11-07 11:01:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bertil.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03, on 2007-11-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\TpShocks.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
C:\Program Files\Opera\Opera.exe
C:\Users\Bertil\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bertil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portalen.it/AdelaNet_20/adel ... logon.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Program\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Startup: Aktivt skyddssystem.lnk = C:\Windows\System32\TpShCPL.cpl
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Visa på skärmen (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10577 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070929-165713-344 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
backup-20071002-230845-843 O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
backup-20071104-160742-308 O13 - Gopher Prefix:
backup-20071104-160742-528 O4 - Startup: CCC.lnk = ?
backup-20071104-160742-766 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20071104-160742-877 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071105-132630-617 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
backup-20071107-003015-536 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>
R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>

S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
S3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 SUService (System Update) - "c:\program files\lenovo\system update\suservice.exe" <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TPHKSVC (Visa på skärmen) - c:\program files\lenovo\hotkey\tphksvc.exe
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>

S2 SBSDWSCService (SBSD Security Center Service) - c:\program files\spybot - search & destroy\sdwinsec.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
S4 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-07 10:27:00 256 --a------ C:\Windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job


-- Files created between 2007-10-07 and 2007-11-07 -----------------------------

2007-11-06 23:48:15 0 d-------- C:\!KillBox
2007-11-06 10:22:52 0 d-------- C:\Program Files\Yamicsoft
2007-11-04 13:55:34 0 d-------- C:\Users\All Users\Nero
2007-11-04 13:55:34 0 d-------- C:\Program Files\Nero
2007-11-04 13:55:33 0 d-------- C:\Program Files\Common Files\Nero
2007-11-02 10:41:28 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-28 11:24:40 0 d-------- C:\Program Files\Easy GIF Animator
2007-10-28 10:55:25 212992 --a------ C:\Windows\ALCHUNIN.EXE
2007-10-27 23:12:37 0 d-------- C:\Users\Bertil\blogg
2007-10-27 22:16:24 0 d-------- C:\Windows\Profiles
2007-10-27 22:16:16 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-10-26 10:42:25 0 d-------- C:\Program Files\iPod
2007-10-26 10:42:24 0 d-------- C:\Program Files\iTunes
2007-10-26 10:41:08 0 d-------- C:\Program Files\QuickTime
2007-10-26 10:22:07 0 d-------- C:\Program Files\Apple Software Update
2007-10-26 10:21:02 0 d-------- C:\Users\All Users\Apple
2007-10-26 10:21:02 0 d-------- C:\Program Files\Common Files\Apple
2007-10-25 08:23:11 0 d-------- C:\Users\Bertil\Ny mapp (1)
2007-10-22 07:23:40 0 d-------- C:\Windows\pss
2007-10-21 18:06:12 0 d-------- C:\Program Files\MiniCLIP
2007-10-19 11:39:55 0 d-------- C:\Program Files\Do It Again
2007-10-12 21:21:47 3365 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat <SPOONU~4.DAT>
2007-10-12 21:12:23 0 d-------- C:\Program Files\NewMail
2007-10-11 23:12:06 0 d-------- C:\Program Files\AV Vcs 5.5 DIAMOND
2007-10-11 22:30:11 0 d-------- C:\Program Files\AceMoney
2007-10-10 10:40:31 0 d-------- C:\Program Files\ElastoManiaRegistered
2007-10-09 15:46:10 0 d-------- C:\Program Files\TPTEST5
2007-10-09 10:42:07 0 d-------- C:\Program Files\ElastoMania111


-- Find3M Report ---------------------------------------------------------------

2007-11-06 23:34:48 0 d-------- C:\Users\Bertil\AppData\Roaming\OpenOffice.org2
2007-11-06 17:08:20 472414 --a------ C:\Windows\system32\perfh01D.dat
2007-11-06 17:08:20 81514 --a------ C:\Windows\system32\perfc01D.dat
2007-11-06 10:47:52 0 d-------- C:\Users\Bertil\AppData\Roaming\uTorrent
2007-11-06 10:47:07 0 d-------- C:\Program Files\Nvu
2007-11-06 10:47:07 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-06 10:47:06 0 d-------- C:\Program Files\Mozilla Sunbird
2007-11-05 16:23:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-04 14:19:12 0 d-------- C:\Users\Bertil\AppData\Roaming\Nero
2007-11-04 13:55:33 0 d-------- C:\Program Files\Common Files
2007-11-03 16:48:01 0 d-------- C:\Program Files\Warcraft III
2007-10-28 17:27:52 0 d-------- C:\Program Files\Sony
2007-10-27 22:16:25 0 d-------- C:\Users\Bertil\AppData\Roaming\URSoft
2007-10-26 10:42:46 0 d-------- C:\Users\Bertil\AppData\Roaming\Apple Computer
2007-10-26 08:23:27 0 d-------- C:\Users\Bertil\AppData\Roaming\gtk-2.0
2007-10-25 15:56:03 0 d-------- C:\Program Files\Java
2007-10-25 07:32:46 0 d-------- C:\Program Files\Opera
2007-10-24 11:13:32 0 d-------- C:\Program Files\FreeCap
2007-10-21 21:47:42 0 d-------- C:\Users\Bertil\AppData\Roaming\Skype
2007-10-12 20:55:24 0 d-------- C:\Users\Bertil\AppData\Roaming\WinRAR
2007-10-11 22:30:17 0 d-------- C:\Users\Bertil\AppData\Roaming\MechCAD
2007-10-10 11:12:10 0 d-------- C:\Program Files\Windows Mail
2007-10-06 14:14:23 0 d-------- C:\Program Files\Duplicate Music Files Finder
2007-10-06 09:04:50 0 d-------- C:\Program Files\Google
2007-10-05 11:06:59 0 d-------- C:\Program Files\Kaspersky Lab <KASPER~1>
2007-10-05 10:58:59 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-04 07:40:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 07:40:32 0 d-------- C:\Program Files\EverNote
2007-10-02 16:35:36 0 d-------- C:\Users\Bertil\AppData\Roaming\Opera
2007-10-02 08:58:28 0 d-------- C:\Program Files\Bridge Construction Set
2007-10-02 08:58:09 720896 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-02 08:55:17 0 d-------- C:\Program Files\Sierra Entertainment
2007-10-01 15:22:01 0 d-------- C:\Users\Bertil\AppData\Roaming\SUPERAntiSpyware.com
2007-10-01 15:16:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 20:59:24 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-30 18:49:34 0 d-------- C:\Program Files\Lavasoft
2007-09-29 20:26:56 0 d-------- C:\Program Files\Picasa2
2007-09-29 20:26:56 0 d-------- C:\Program Files\Net Tools
2007-09-29 20:26:42 0 d-------- C:\Program Files\Common Files\Skype
2007-09-29 20:26:30 0 d-------- C:\Users\Bertil\AppData\Roaming\Thunderbird
2007-09-29 20:26:30 0 d-------- C:\Users\Bertil\AppData\Roaming\PeerNetworking
2007-09-29 20:26:30 0 d-------- C:\Users\Bertil\AppData\Roaming\Nvu
2007-09-29 20:26:28 0 d-------- C:\Users\Bertil\AppData\Roaming\mIRC
2007-09-29 20:26:28 0 d-------- C:\Users\Bertil\AppData\Roaming\Joost
2007-09-29 20:26:28 0 d-------- C:\Users\Bertil\AppData\Roaming\Bioshock
2007-09-29 15:54:55 0 d-------- C:\Program Files\Trend Micro
2007-09-29 13:36:05 0 --a------ C:\ntuser.dat
2007-09-29 10:19:49 0 d-------- C:\Program Files\Common Files\Lenovo
2007-09-28 22:20:37 0 d-------- C:\Users\Bertil\AppData\Roaming\Publish Providers
2007-09-28 22:20:23 0 d-------- C:\Users\Bertil\AppData\Roaming\Sony
2007-09-28 22:16:16 0 d-------- C:\Program Files\Sony Setup
2007-09-27 12:11:50 0 d-------- C:\Program Files\GraphCalc
2007-09-27 08:57:30 0 d-------- C:\Program Files\LieroX v0.56 Pack 1.9
2007-09-25 09:20:06 0 d-------- C:\Users\Bertil\AppData\Roaming\NCH Swift Sound
2007-09-24 22:10:44 3587 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat <SPOONU~3.DAT>
2007-09-24 22:01:19 0 d-------- C:\Program Files\NCH Software
2007-09-24 20:23:02 0 d-------- C:\Program Files\Linksys
2007-09-24 14:41:10 0 d-------- C:\Program Files\WinPcap
2007-09-24 11:15:09 0 d-------- C:\Program Files\Your Freedom
2007-09-22 22:10:54 0 d-------- C:\Users\Bertil\AppData\Roaming\dBpoweramp
2007-09-22 21:54:57 8457 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat <SPOONU~2.DAT>
2007-09-22 21:54:37 13281 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat <SPOONU~1.DAT>
2007-09-22 21:52:41 0 d-------- C:\Program Files\Illustrate
2007-09-22 16:05:28 0 d-------- C:\Program Files\Last.fm
2007-09-22 15:41:52 0 d-------- C:\Program Files\uTorrent
2007-09-21 19:59:49 0 d-------- C:\Users\Bertil\AppData\Roaming\AccurateRip
2007-09-13 10:21:22 0 d-------- C:\Program Files\DivX
2007-09-13 10:21:16 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-09-11 17:45:01 25773 --a------ C:\Users\Bertil\AppData\Roaming\UserTile.png
2007-09-09 20:39:10 0 dr-h----- C:\Users\Bertil\AppData\Roaming\SecuROM
2007-09-09 20:18:17 0 d-------- C:\Program Files\2K Games
2007-09-09 18:03:15 0 d-------- C:\Program Files\Audacity
2007-09-08 23:58:01 0 d-------- C:\Program Files\Joost
2007-09-08 22:27:48 0 d-------- C:\Users\Bertil\AppData\Roaming\vlc
2007-09-08 22:23:44 0 d-------- C:\Program Files\VideoLAN
2007-09-08 21:50:01 0 -rahs---- C:\MSDOS.SYS
2007-09-08 21:50:01 0 -rahs---- C:\IO.SYS
2007-09-08 18:42:07 0 d-------- C:\Program Files\Microsoft Games
2007-08-29 12:55:11 174 --ahs---- C:\Program Files\desktop.ini
2007-08-29 12:48:12 1646 --a------ C:\Windows\mozver.dat
2007-08-27 14:25:14 76420 --a------ C:\Windows\War3Unin.dat
2007-08-27 14:20:57 2829 --a------ C:\Windows\War3Unin.pif
2007-08-27 14:20:57 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-08-24 17:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
2007-08-21 01:26:52 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-21 01:26:52 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-15 23:33:14 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-08-15 23:30:56 802816 --a------ C:\Windows\system32\divx_xx11.dll <DIVX_X~3.DLL> <Not Verified; DivX, Inc.; DivX?>
2007-08-15 23:30:56 823296 --a------ C:\Windows\system32\divx_xx0c.dll <DIVX_X~1.DLL> <Not Verified; DivX, Inc.; DivX®>
2007-08-15 23:30:56 823296 --a------ C:\Windows\system32\divx_xx07.dll <DIVX_X~2.DLL> <Not Verified; DivX, Inc.; DivX®>
2007-08-15 23:30:56 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-15 23:30:26 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll <DIVXWM~1.DLL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-14 04:27]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-13 19:53]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-10 02:03]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 18:30]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 13:49]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-04-11 01:03]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-04-11 01:03]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-13 22:23]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-23 01:02]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2006-12-21 10:50]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 11:51]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-13 11:10]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 15:21]
"LenovoOobeOffers"="c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Program\TpKmapAp.exe" [2007-02-26 17:45]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]

C:\Users\Bertil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Aktivt skyddssystem.lnk - C:\Windows\System32\TpShCPL.cpl [2006-12-25 20:14:36]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-22 16:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniCLIP.lnk]
backup=C:\Windows\pss\MiniCLIP.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Setup Initialization]
Microsoft Setup Initialization

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {5CF4E506-3628-7338-E2DC-8132134AA893} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-11-07 11:04:54 ------------













Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Business (build 6000)
Architecture: X86; Language: Swedish

CPU 0: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 2045.81 MiB / 957.05 MiB
Pagefile Memory (total/avail): 4305.38 MiB / 3295.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.8 MiB

C: is Fixed (NTFS) - 73.84 GiB total, 12.52 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS541680J9SA00 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 700 MiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 73.84 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Bertil\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GBG-LYXELLN
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Bertil
LOCALAPPDATA=C:\Users\Bertil\AppData\Local
LOGONSERVER=\\GBG-LYXELLN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\Diskeeper Corporation\Diskeeper\;;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SMA=C:\Program Files\ThinkVantage\SMA\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Bertil\AppData\Local\Temp
TMP=C:\Users\Bertil\AppData\Local\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=GBG-LYXELLN
USERNAME=Bertil
USERPROFILE=C:\Users\Bertil
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Bertil


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x001d -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x001d -removeonly
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
Access - Hjälp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x1d UNINSTALL
AceMoney Lite --> "C:\Program Files\AceMoney\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AFPL Ghostscript 8.54 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BioShock --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe" -l0x9 -removeonly
Client Security Solution --> MsiExec.exe /X{0F4EFCE8-E358-4430-A504-F55F32BA1816}
dBpoweramp DSP Effects --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp m4a Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
Diskeeper Home --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Do It Again --> MsiExec.exe /I{4F12C5DC-1EB2-4068-BA1A-7628E920A825}
Duplicate Music Files Finder 1.5.5 --> "C:\Program Files\Duplicate Music Files Finder\unins000.exe"
Easy GIF Animator 3.2 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
Elasto Mania --> C:\PROGRA~1\ELASTO~2\UNWISE.EXE C:\PROGRA~1\ELASTO~2\INSTALL.LOG
EverNote (Trial) --> C:\Program Files\InstallShield Installation Information\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}\setup.exe -runfromtemp -l0x0009 -removeonly
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FreeCap version 3.18 --> "C:\Program Files\FreeCap\unins000.exe"
FreeMind --> "C:\Program Files\FreeMind\unins000.exe"
GhostMouse 2.0 --> C:\Windows\uninst.exe -fC:\GMouse20\DeIsL1.isu -cC:\GMouse20\_ISREG32.DLL
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GraphCalc v4.0.1 --> "C:\Program Files\GraphCalc\unins000.exe"
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hjälpcentralen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x1d -AddRemove
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
IZArc 3.7 --> "C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Joost (tm) 0.12.0 --> C:\Program Files\Joost\uninst.exe
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KiSS PC-Link 3.0.5 --> C:\PROGRA~1\Linksys\KISSPC~1\Setup.exe /remove /q0
LADSPA_plugins-win-0.4.15 --> "C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Last.fm 1.3.2.13 --> "C:\Program Files\Last.fm\unins000.exe"
Lenovo System Interface Driver --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AWAYTASK.INF
Meddelandecentralen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x1d -AddRemove
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\mpg4c32.inf
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MiniCLIP 2002 --> "C:\Program Files\MiniCLIP\unins000.exe"
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.5) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 --> MsiExec.exe /X{0A2DEB31-F8E5-413B-8A86-0D7843C6C496}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewMail --> C:\Windows\uninst.exe -f"C:\Program Files\NewMail\DeIsL1.isu"
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
OpenOffice.org 2.1 --> MsiExec.exe /I{6D8FE0C8-000D-4486-9814-135AE44A44BD}
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Presentationshanteraren --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x1d -AddRemove
Productivity Center - tillägg för ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x1d -AddRemove
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Registry patch for Windows Vista USB S3 PM Enablement --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\FPIRPOn\FPIRPOn.inf
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\Dipmon\Dipmon.inf
Rescue and Recovery --> MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19}
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0001] --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Scribus 1.3.3.9 --> C:\Program Files\Scribus 1.3.3.9\uninst.exe
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe -runfromtemp -l0x001d -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"
ThinkPad Anpassat tangentbord --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x1d anything
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x1d -AddRemove
ThinkPad Energispararen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}\SETUP.EXE" -l0x1d -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Mobility Center Customization --> MsiExec.exe /X{E1A83640-A568-4B56-A4C9-AB38C7035156}
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588z.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav-guiden --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x1d UNINSTALL
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkVantage Aktivt skyddssystem --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x1d -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x1d anything
Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
TPTEST 5.0.2 --> "C:\Program Files\TPTEST5\unins000.exe"
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x1d UNINSTALL
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Intel (e1express) Net (11/16/2006 9.6.31.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\e1e6032.inf_a9c92413\e1e6032.inf
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaahci.inf
Windows Driver Package - Intel hdc (09/15/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7id2.inf_103d01c3\ich7id2.inf
Windows Driver Package - Intel hdc (09/15/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7ide.inf_4cc59aa4\ich7ide.inf
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\dmi_pci.inf_0e65d7c6\dmi_pci.inf
Windows Driver Package - Intel System (09/15/2006 7.0.0.1020) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7core.inf_9c74ea21\ich7core.inf
Windows Driver Package - Intel System (09/15/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\945gm.inf_20363d8e\945gm.inf
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7usb.inf_f4517067\ich7usb.inf
Windows Driver Package - Lenovo (IBMPMDRV) System (11/01/2006 1.41) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_3462dfa4\ibmpmdrv.inf
Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar --> "c:\Program Files\Windows Live Toolbar\UnInstall.exe" {96C79EA4-E1A4-423D-90DB-6FFFEF6994AB}
Windows Live Toolbar --> MsiExec.exe /X{96C79EA4-E1A4-423D-90DB-6FFFEF6994AB}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
Visa på skärmen --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Vista Manager --> MsiExec.exe /I{4E79AC14-1F0A-4044-B069-126EDCD2308F}
World in Conflict - DEMO --> C:\Program Files\InstallShield Installation Information\{D24CD157-E4C4-4184-9465-B5C025E736AD}\Setup.exe -runfromtemp -l0x0009 -removeonly
XviD MPEG-4 Video Codec --> C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\Windows\INF\xvid.inf
Your Freedom --> "C:\Program Files\Your Freedom\uninstall.exe"
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"
ZD Soft Screen Recorder --> "C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\scrvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type146437 / Success
Event Submitted/Written: 11/07/2007 08:30:14 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type146429 / Success
Event Submitted/Written: 11/07/2007 08:26:03 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type146428 / Error
Event Submitted/Written: 11/07/2007 08:26:02 AM
Event ID/Source: 5007 / WerSvc
Event Description:
Det gick inte att parsa målfilen för WFP (Windows Feedback Platform, en DLL-fil som innehåller en lista med problem på datorn som kräver att ytterligare data samlas in för diagnos). Felkod 8014FFF9.

Event Record #/Type146426 / Success
Event Submitted/Written: 11/07/2007 08:26:00 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type146423 / Success
Event Submitted/Written: 11/07/2007 08:25:58 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Tjänsten Software Licensing har startats.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31328 / Warning
Event Submitted/Written: 11/07/2007 11:03:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
Realtidsskyddet från %GBG-LYXELLN27 upptäckte ändringar. Microsoft rekommenderar att du analyserar programvaran som utförde ändringarna med avseende på risker. Du kan använda informationen om hur de här programmen fungerar för att välja om du ska tillåta att de körs eller ta bort dem från datorn. Tillåt bara ändringarna om du litar på programmet eller programvaruutgivaren. Du kan inte ångra ändringar som du tidigare har tillåtit med %GBG-LYXELLN27.

Mer information finns här:
%GBG-LYXELLN275

Sök-ID: {B66353FB-8E6E-4E6B-A7EF-47D06ED9031C}

Användare: GBG-LYXELLN\Bertil

Namn: %GBG-LYXELLN271

ID: %GBG-LYXELLN272

Allvarlighets-ID: %GBG-LYXELLN273

Kategori-ID: %GBG-LYXELLN274

Sökväg: %GBG-LYXELLN276

Aviseringstyp: %GBG-LYXELLN278

Identifieringstyp: 1.1.1505.02

Event Record #/Type31327 / Warning
Event Submitted/Written: 11/07/2007 11:03:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
Realtidsskyddet från %GBG-LYXELLN27 upptäckte ändringar. Microsoft rekommenderar att du analyserar programvaran som utförde ändringarna med avseende på risker. Du kan använda informationen om hur de här programmen fungerar för att välja om du ska tillåta att de körs eller ta bort dem från datorn. Tillåt bara ändringarna om du litar på programmet eller programvaruutgivaren. Du kan inte ångra ändringar som du tidigare har tillåtit med %GBG-LYXELLN27.

Mer information finns här:
%GBG-LYXELLN275

Sök-ID: {87D23312-4D79-4AFB-B9A2-F4030466B8B7}

Användare: GBG-LYXELLN\Bertil

Namn: %GBG-LYXELLN271

ID: %GBG-LYXELLN272

Allvarlighets-ID: %GBG-LYXELLN273

Kategori-ID: %GBG-LYXELLN274

Sökväg: %GBG-LYXELLN276

Aviseringstyp: %GBG-LYXELLN278

Identifieringstyp: 1.1.1505.02

Event Record #/Type31326 / Warning
Event Submitted/Written: 11/07/2007 11:03:18 AM
Event ID/Source: 3004 / WinDefend
Event Description:
Realtidsskyddet från %GBG-LYXELLN27 upptäckte ändringar. Microsoft rekommenderar att du analyserar programvaran som utförde ändringarna med avseende på risker. Du kan använda informationen om hur de här programmen fungerar för att välja om du ska tillåta att de körs eller ta bort dem från datorn. Tillåt bara ändringarna om du litar på programmet eller programvaruutgivaren. Du kan inte ångra ändringar som du tidigare har tillåtit med %GBG-LYXELLN27.

Mer information finns här:
%GBG-LYXELLN275

Sök-ID: {7F402FC0-F3E0-405F-B865-9DC8C1D04CB6}

Användare: GBG-LYXELLN\Bertil

Namn: %GBG-LYXELLN271

ID: %GBG-LYXELLN272

Allvarlighets-ID: %GBG-LYXELLN273

Kategori-ID: %GBG-LYXELLN274

Sökväg: %GBG-LYXELLN276

Aviseringstyp: %GBG-LYXELLN278

Identifieringstyp: 1.1.1505.02

Event Record #/Type31325 / Warning
Event Submitted/Written: 11/07/2007 11:03:18 AM
Event ID/Source: 3004 / WinDefend
Event Description:
Realtidsskyddet från %GBG-LYXELLN27 upptäckte ändringar. Microsoft rekommenderar att du analyserar programvaran som utförde ändringarna med avseende på risker. Du kan använda informationen om hur de här programmen fungerar för att välja om du ska tillåta att de körs eller ta bort dem från datorn. Tillåt bara ändringarna om du litar på programmet eller programvaruutgivaren. Du kan inte ångra ändringar som du tidigare har tillåtit med %GBG-LYXELLN27.

Mer information finns här:
%GBG-LYXELLN275

Sök-ID: {C56B7E60-4BE8-4454-A551-32FCDDC1F296}

Användare: GBG-LYXELLN\Bertil

Namn: %GBG-LYXELLN271

ID: %GBG-LYXELLN272

Allvarlighets-ID: %GBG-LYXELLN273

Kategori-ID: %GBG-LYXELLN274

Sökväg: %GBG-LYXELLN276

Aviseringstyp: %GBG-LYXELLN278

Identifieringstyp: 1.1.1505.02

Event Record #/Type31324 / Warning
Event Submitted/Written: 11/07/2007 11:03:17 AM
Event ID/Source: 3004 / WinDefend
Event Description:
Realtidsskyddet från %GBG-LYXELLN27 upptäckte ändringar. Microsoft rekommenderar att du analyserar programvaran som utförde ändringarna med avseende på risker. Du kan använda informationen om hur de här programmen fungerar för att välja om du ska tillåta att de körs eller ta bort dem från datorn. Tillåt bara ändringarna om du litar på programmet eller programvaruutgivaren. Du kan inte ångra ändringar som du tidigare har tillåtit med %GBG-LYXELLN27.

Mer information finns här:
%GBG-LYXELLN275

Sök-ID: {35D13899-5C4E-4F63-9E6C-D4686957C8DE}

Användare: GBG-LYXELLN\Bertil

Namn: %GBG-LYXELLN271

ID: %GBG-LYXELLN272

Allvarlighets-ID: %GBG-LYXELLN273

Kategori-ID: %GBG-LYXELLN274

Sökväg: %GBG-LYXELLN276

Aviseringstyp: %GBG-LYXELLN278

Identifieringstyp: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-11-07 11:04:54 ------------
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am

Unread postby Shaba » November 7th, 2007, 6:29 am

Hi

Looks good, but let's check this anyway:

Please run this online scan:

Panda ActiveScan

  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


Post the contents of the Panda scan report, along with a new HijackThis Log
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby lyxell » November 7th, 2007, 6:47 am

the scan does not support Vista




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46, on 2007-11-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\TpShocks.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portalen.it/AdelaNet_20/adel ... logon.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Program\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Startup: Aktivt skyddssystem.lnk = C:\Windows\System32\TpShCPL.cpl
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Visa på skärmen (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10456 bytes
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am

Unread postby Shaba » November 7th, 2007, 6:49 am

Hi

This should then support:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby lyxell » November 8th, 2007, 4:38 am

RegUBP2b-Bertil.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 Trojan.StartPage.1505 Deleted.
rnrDeploy.xml C:\Program\Lenovo\Rescue and Recovery Probably SCRIPT.BATCH.Virus Incurable.Moved.
rnrDeploy.xml C:\Program Files\Lenovo\Rescue and Recovery Probably SCRIPT.BATCH.Virus
Process.exe C:\SDFix\apps Tool.Prockill Incurable.Moved.
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am

Unread postby Shaba » November 8th, 2007, 4:58 am

Hi

These are false positives and can move them back from %userprofile%\DoctorWeb\quarantine folder to original folder.

rnrDeploy.xml C:\Program\Lenovo\Rescue and Recovery Probably SCRIPT.BATCH.Virus Incurable.Moved.
rnrDeploy.xml C:\Program Files\Lenovo\Rescue and Recovery Probably SCRIPT.BATCH.Virus

Any issues left?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan program Backdoor.Win32.Rbot.eib

Unread postby lyxell » November 13th, 2007, 2:45 pm

depends by what you mean with issues.
my computer is really slow and windows security center is not working for an example.
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am

Re: Trojan program Backdoor.Win32.Rbot.eib

Unread postby Shaba » November 13th, 2007, 2:54 pm

Hi

For general slowness, see here

For security center issue, download this
, doubleclick it, click yes and ok. Reboot.

Did those help?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan program Backdoor.Win32.Rbot.eib

Unread postby lyxell » November 13th, 2007, 3:02 pm

I clean my computer every day so I don't think it is that.

Can you tell me what that fix is doing. last time i downloaded a fix for security center it messed with my registry and i had to restore it.
lyxell
Active Member
 
Posts: 13
Joined: November 4th, 2007, 11:12 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware